Collaborative RCE Tool Library - Debuggers (including sub-categories)

Tool Updated: WinAppDbg (Python module)

Tue, 24 Aug 2010 13:04:26 GMT

Listed in categories: Debugger Libraries, Debuggers, Ring 3 Debuggers

Most recent version:
1.4

Most recent release date:
August 24, 2010

Description:
The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.

It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.

The intended audience are QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready to use utilities are shipped and can be used for this purposes.

Current features also include disassembling x86 native code (using the open source diStorm project, see http://ragestorm.net/distorm/), debugging multiple processes simultaneously and produce a detailed log of application crashes, useful for fuzzing and automated testing.

Tool Added: Pokas x86 Emulator for Generic Unpacking

Sun, 18 Jul 2010 16:32:01 GMT

Listed in categories: Assembler IDE Tools, Assemblers, Automated Unpackers, Debuggers, Disassembler Libraries, Disassemblers, OEP Finders, PE Executable Editors, Programming Libraries, Tracers, Unpacking Tools, Virtual Machines, X86 Disassembler Libraries, X86 Emulators, X86 Sandboxes

Most recent version:
1.0.0.0

Most recent release date:
July 18, 2010

Description:
Pokas x86 Emulator is an Application-Only emulator created for generic unpacking and testing the antivirus detection algorithms.
This Emulator has many features some of them are:
1. Has an assembler and a disassembler from and to mnemonics.
2. Support adding new APIs and adding the emulation function to them.
3. Support a very powerful debugger that has a parser that parses the condition you give and create a very fast native code that perform the check on this condition.
4. Support seh and support tib, teb, peb and peb_ldr_data.
5. It monitors all the memory writes and log up to 10 previous Eips and saves the last accessed and the last modified place in memory.
6. it support 6 APIs:GetModuleHandleA, LoadLibrayA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.
7. With all of these it's FREE and open source.

It successfully emulates:
1. UPX
2. FSG
3. MEW
4. Aspack
5. PECompact
6. Morphine

But it does contain bugs and it still in the beta version. It surely will be fixed soon ith the help of your feedback.

It still doesn't support multithreading and doesn't support Linux ELF executables.
It's still working only on windows but the Linux version will be available soon.

you can download it from https://sourceforge.net/projects/x86emu/

AmrThabet
amr.thabet_*at*_student.alx.edu.eg

Tool Updated: EDB Linux Debugger

Fri, 28 May 2010 16:11:57 GMT

Listed in categories: Debuggers, Linux Debuggers, Ring 3 Debuggers

Most recent version:
0.9.14

Most recent release date:
May 28, 2010

Description:
Features
* Intuitive GUI interface
* The usual debugging operations (step-into/step-over/run/break)
* Conditional breakpoints
* Debugging core is implemented as a plugin so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them.
* Basic instruction analysis
* View/Dump memory regions
* Effective address inspection
* The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them.
* Importing of symbol maps
* Plugins
o Search for binary strings
o Code Bookmarks
o Breakpoint management
o Check for updates
o Environment variable viewer
o Heap block enumeration
o Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan)
o Open file enumeration
o Reference finder
o String searching (like strings command in *nix)

One of the main goals of this debugger is isolation of the debugger core from the display you see. The interface is written in QT4 and thus source portable to many platforms. The debugger core is actually a plugin and the platform specific code is isolated to just a few files, porting to a new OS would require porting these few files and implementing a plugin which implements the "DebuggerCoreInterface" interface. Also, because the plugins are based on the QPlugin API, and do their work through the DebuggerCoreInterface object, they are almost always portable with just a simple recompile. So far, the only plugin I have written which would not port with just a recompile is the heap analysis plugin, due to it's highly system specific nature.

Tool Added: HyperDbg

Wed, 28 Apr 2010 17:36:59 GMT

Listed in categories: Ring 0 Debuggers

Most recent version:
20100325

Most recent release date:
March 25, 2010

Description:
HyperDbg is a kernel debugger that leverages hardware-assisted virtualization. More precisely, HyperDbg is based on a minimalistic hypervisor that is installed while the system runs. Compared to traditional kernel debuggers (e.g., WinDbg, SoftIce, Rasta R0 Debugger) HyperDbg is completely transparent to the kernel and can be used to debug kernel code without the need of serial (or USB) cables. For example, HyperDbg allows to single step the execution of the kernel, even when the kernel is executing exception and interrupt handlers. Compared to traditional virtual machine based debuggers (e.g., the VMware builtin debugger), HyperDbg does not require the kernel to be run as a guest of a virtual machine, although it is as powerful.

Tool Updated: Radare

Thu, 04 Mar 2010 17:37:43 GMT

Listed in categories: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers

Most recent version:
1.5

Most recent release date:
December 13, 2009

Description:
<nowiki>The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with x86, arm and java with some ones powerpc.

The core is a raw hexadecimal editor for commandline with scripting features and perl/python extensions that gets extended with IO plugins that hooks the open/read/write/close/system calls.

The debugger and disassembler has a code analysis module for x86, mips, arm and java. This way it's possible to draw graphs using Cairo on a GTK window or store the flow execution of a program on a log file and use the information to diff't against another trace or binary.

The toolchain provides assemblers and disasemblers for x86, arm, mips (Loongson2F), sparc, CSR, m68k, powerpc, msil and java.

The disassembler has been enhaced to handle inline comments, code block detections and flag references (data pointers or so).

The debugger is mainly developed on linux and {Net

Tool Updated: Malzilla

Sun, 21 Feb 2010 13:26:55 GMT

Listed in categories: Javascript Debuggers, Javascript Deobfuscators

Most recent version:
1.2.0

Most recent release date:
November 2, 2008

Description:
Malware hunting tool. Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for use in exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of webpages and all the HTTP headers. It gives you various decoders to try and deobfuscate javascript aswell.

Tool Updated: DynamoRIO

Tue, 09 Feb 2010 18:12:27 GMT

Listed in categories: Code Coverage Tools, Code Injection Tools, Debugger Libraries, Disassembler Libraries, Profiler Tools

Most recent version:
1.50.0.1

Most recent release date:
December 29, 2009

Description:
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows or Linux) and commodity IA-32 and AMD64 hardware.

Previous description:

The DynamoRIO Collaboration - Dynamo from Hewlett-Packard Laboratories + RIO (Runtime Introspection and Optimization) from MIT's Laboratory for Computer Science.

The DynamoRIO dynamic code modification system, joint work between Hewlett-Packard and MIT, is being released as a binary package with an interface for both dynamic instrumentation and optimization. The system is based on Dynamo from Hewlett-Packard Laboratories. It operates on unmodified native binaries and requires no special hardware or operating system support. It is implemented for both IA-32 Windows and Linux, and is capable of running large desktop applications.

The system's release was announced at a PLDI tutorial on June 16, 2002, titled "On the Run - Building Dynamic Program Modifiers for Optimization, Introspection and Security." Here is the tutorial abstract:

In the new world of software, which heavily utilizes dynamic class loading, DLLs and interconnected components, the power and reach of static analysis is diminishing. An exciting new paradigm of dynamic program optimization, improving the performance of a program while it is being executed, is emerging. In this tutorial, we will describe intricacies of building a dynamic optimizer, explore novel application areas such as program introspection and security, and provide details of building your own dynamic code modifier using DynamoRIO. DynamoRIO, a joint development between HP Labs and MIT, is a powerful dynamic code modification infrastructure capable of running existing binaries such as Microsoft Office Suite. It runs on both Windows and Linux environments. We are offering a free release of DynamoRIO for non-commercial use. A copy of the DynamoRIO release, which includes the binary and a powerful API, will be provided to the attendees.

Tool Updated: Syser

Mon, 25 Jan 2010 03:14:30 GMT

Listed in categories: Ring 0 Debuggers

Most recent version:
1.99.1900.1195

Most recent release date:
January 10, 2010

Description:
A new promising ring 0 debugger for Windows,
aiming to take the place of the once almighty SoftICE.

is designed for Windows NT Family based on X86 platform.
It is a kernel debugger with full-graphical interfaces and supports assembly debugging and source code debugging.

Very capable SoftICE alternative, this tool has become truly powerful!

Tool Updated: Dotnet IL Editor (DILE)

Sun, 09 Aug 2009 13:13:28 GMT

Listed in categories: .NET Debuggers, .NET Disassemblers, .NET Executable Editors

Most recent version:
0.2.6

Most recent release date:
September 30, 2007

Description:
Dotnet IL Editor (DILE) is an editor program which helps modifying .NET assemblies. It is intended to be able to disassemble .NET assemblies, modify the IL code, recompile it and run inside a debugger.

Tool Updated: IDA Pro

Thu, 06 Aug 2009 16:22:01 GMT

Listed in categories: .NET Disassemblers, Disassemblers, IPhone Tools, Linux Debuggers, Linux Disassemblers, Mobile Platform Debuggers, Mobile Platform Disassemblers, Ring 3 Debuggers, Symbian Tools

Most recent version:
5.5

Most recent release date:
June 15, 2009

Description:
The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows or on Linux. IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation.

There is also a free (crippled) version available (IDA Pro Free). See its own entry in the library for more info.

As of January 7, 2007, the official IDA Pro website moved from the old URL (http://www.datarescue.com/idabase) to the one listed above.

Tool Updated: PaiMei

Sun, 28 Jun 2009 13:33:19 GMT

Listed in categories: Debugger Libraries, Reverse Engineering Frameworks

Most recent version:
1.1-REV122

Most recent release date:
May 22, 2007

Description:
PaiMei, is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer's swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more. The framework breaks down into the following core components:

* PyDbg: A pure Python win32 debugging abstraction class.
* pGRAPH: A graph abstraction layer with seperate classes for nodes, edges and clusters.
* PIDA: Built on top of pGRAPH, PIDA aims to provide an abstract and persistent interface over binaries (DLLs and EXEs) with separate classes for representing functions, basic blocks and instructions. The end result is the creation of a portable file that when loaded allows you to arbitrarily navigate throughout the entire original binary.

A layer above the core components you will find the remainder of the PaiMei framework broken into the following over-arching components:

* Utilities: A set of utilities for accomplishing various repetitive tasks.
* Console: A pluggable WxPython GUI for quickly and efficiently rolling out your own sexy RE utilities.
* Scripts: Individual scripts for accomplishing various tasks. One very important example of which is the pida_dump.py IDA Python script which is run from IDA to generate .PIDA modules.

The documentation for the framework is available online at: http://pedram.openrce.org/PaiMei/docs

A very informative discussion thread about PaiMei, including a bunch of tutorials on how to use the different aspects of it, can be found at:
http://www.woodmann.com/forum/showthread.php?t=10851

Tool Added: Ragweed

Sun, 28 Jun 2009 13:32:39 GMT

Listed in categories: Debugger Libraries

Most recent version:

Most recent release date:

Description:
Ragweed is available as a gem through github:

sudo gem install tduehr-ragweed

Why a scriptable debugger?

When reversing, the usual debugging tools for developers aren’t as useful. They’re built for stepping interactively through programs you have source code for. They don’t generally have methods to get data out.

Reversing also requires being able to do mean and nasty things to the running process. When tracing calls, you want to watch how they interact. The last thing you want to do is anything manual. Automation is a requirement.

Also helpful is the ability to automate information gathering tasks, or the ability to dynamically add, remove or change breakpoints. These features are why scriptable debuggers have been created: To play with black boxes in a more dynamic and seedier manner.

What’s available already?

There are already scriptable debuggers out there. The most notable are PaiMei/PyDbg, Immunity Debugger and IDA.

PaiMei is written in Python, bills itself as “a reverse engineer’s swiss army knife” and uses the Python ctypes library for low level win32 calls.

Immunity Debugger is a GUI debuggger for win32 that uses Python for its scripting functionality.

IDA Pro is largely a win32 disassembler, but it is scriptable, again in Python, and includes a debugging module.

Before I get run off by a screaming mob with pitchforks, flightless birds, members of the family bovidae, etc., I will also mention GDB which has a library in development (libgdb) and can be scripted through macros.

With the exception of GDB which runs on most platforms and has its own macro language, these all share two common problems: Win32 and Python. Matasano is a Ruby shop. We like Ruby. It is good to us. We also wanted a tool for non-Win32 applications. But mostly, we just wanted something in Ruby.

Enter Ragweed

I’m going to stick to the OSX side of Ragweed for this article since I’m most familiar with it and there is still work to be done to unify the (currently) three debugging APIs —- Win32, Linux, and OSX —- inside Ragweed.

Under the hood, Ragweed (on OSX) uses Ruby/DL to perform the various low level system calls necessary to create a debugger. (More about that in my post from last year). These calls are abstracted somewhat to provide a smoother, more Ruby-like interface.

There are two caveats for Ragweed in OSX:

* Due to the changes in Ruby 1.9 to DL, it is currently incompatible with 1.9.
* Also, under OSX, Ragweed wants to run as root due to restrictions on
Code:

task_for_pid

.

A quick example (this we can do in IRB):

# debugging ftp using default signal handlers, printing registers every stop and logging calls to _lpwd

require ‘ragweed’
class DebugFtp < Debuggerosx

# print the registers every time the process stops

def on_stop(signal)

puts "Stopped with signal #{signal}"

self.threads.each {''

Tool Updated: W32DASM

Wed, 17 Jun 2009 11:26:02 GMT

Listed in categories: Disassemblers, Ring 3 Debuggers

Most recent version:
8.94

Most recent release date:
March 11, 2003

Description:
Before IDA Pro, W32DASM was the king of Windows 32 bit executable disassemblers.

It also has a ring 3 debugger built-in.

Tool Updated: SoftICE

Wed, 17 Jun 2009 11:19:44 GMT

Listed in categories: 16 bit and DOS Debuggers, Ring 0 Debuggers

Most recent version:

Most recent release date:
April, 2006

Description:
SoftICE was the king of ring 0 debuggers until Windows XP came along. At that point it turned very unstable on many computers, and never really recovered. It was sadly discontinued in April 2006.

SoftICE began its story already as a DOS debugger, brought to fame by the ORC tutorials. These ancient DOS versions, 2.62 (with snap feature) and 2.80 (snap feature removed), are downloadable here for history preserving reasons.

Tool Updated: Turbo Debugger

Wed, 17 Jun 2009 11:18:26 GMT

Listed in categories: 16 bit and DOS Debuggers

Most recent version:
5.5

Most recent release date:

Description:
Turbo Debugger was the most advanced debugger back in the 16-bit and DOS day.

Tool Updated: RosAsm

Wed, 15 Apr 2009 23:58:52 GMT

Listed in categories: Assembler IDE Tools, Assemblers, Debuggers, Disassemblers

Most recent version:
2.051a

Most recent release date:
April 15, 2009

Description:
Previously known as SpAsm.

The easy way for writing full 32 Bits Applications in Assembly

IDE with full integration of all components. RosAsm is auto-compilable and the Sources are hosted inside the PEs. No installation overhead (the silent auto-install coming with RosAsmFull.zip makes RosAsm the only actual Click&Go Assembler environment).

Real Sources Editor with tons of unique features, specificaly devoted to secure editions and to huge mono-files assembly sources: Tree-view, instant jump to any type of declaration by simple right-click, division of the mono-files into TITLEs, advanced IncIncluder pre-parser, and so on...

The fastest of the actual assemblers, (1.5 Mega/second on a Celeron 1.3 Ghz...) directly outputting PE files on a simple click, with a powerful macros system (a macros unfolder is available by a double-click, through a float menu). Simplified Intel syntax. Does not need any include, prototype or header companion file. Nothing but a single simple source. Complete implementation of the mnemonics set, up to SSE3. RosAsm Bottom-Up Assembler is a true low level Assembler, enabling HLL writing styles by user defined macros and/or by HLL pre-parsers selections.

Selectable Pre-Parsers performing various tasks, like HLL expressions parsing, alternate syntaxes, Includes Managements, ...

Source level Debugger with a state-of-the-art memory inspector and very advanced features, like the dynamic break-points, that can be set/removed by simple clicks, as well as at write-time and/or at run-time, like with the most advanced HLLs. To run the Debugger, You simply click on Run and your application is running through the debugger. Any error (or break-point, enabling advanced stepping modes) is pointed out directly in your source code. Accurate messages are delivered on errors cases.

Disassembler. To date, RosAsm is the one and only two-clicks-disassembler-reassembler ever seen. It is, actually, fully effective on most small files and on many middle size applications: The dream tool for study and/or for porting your works to assembly.

Original Resources Editors, with control of matching styles, outputting as well resources, files, and memory templates.

Integrated Help system, with a complete 32 bits Assembly Tutorials, Opcode help, and RosAsm Manual (2 megas of documentation, more than 600 organised rtf files).

Clip file system, for templates reuse.

Integrated OS Equates, and Structures files, saving from any boring include.

... and much more...

Take care that, as opposed to most RAD/IDEs, RosAsm does not attempt to impress you with multiple windows jumping all over the screen and with insistant features. Instead, RosAsm features implementations have always been made as discreet and as silent as possible, and the overall look-and-feel has always been made as naked and as simple as possible. Many implementations are optional, through the configuration tab.

Though RosAsm is the most accurate tool for learning the marvelous simplicity of Assembly - particulary since the inclusion of the Interactive Visual Tutorials - and though it is the easiest way to jump right into the true thing, it has been thought and designed, first, as a professional tool for real life applications programming in full assembly. Its final purpose is to compete with the current most commonly used HLLs, for serious applications writing. This goal will be achieved, in the near future, with the upcoming implementations of the Visual Components Designers (Wizards) and with the implementations of some Applications builders.

Tool Updated: Symbol Type Viewer

Wed, 21 Jan 2009 23:11:21 GMT

Listed in categories: Symbol Retrievers, Symbol Tools

Most recent version:
32Bit/64Bit Version 1.0.0.6 (beta)

Most recent release date:
May 19, 2008

Description:
Symbol Type Viewer 32Bit/64Bit Version 1.0.0.6 beta

Symbol Type Viewer is a tool which makes it possible to easily visualize the types which can be defined in the symbols of the modules of the systems Microsoft Windows 32/64bit. Moreover, it makes it possible to convert these informations for the C language (.h) and the disassembler IDA of DataRescue (.idc).

Symbol Type Viewer allows to :
- download the symbols (pdb) very simply.
- sail and visualize in a detailed way the types and their members in the form of tree structure
easily find the unused areas in the structures (padding). These areas are theoretically usable to put personal data there
- translate the structures for the C Language (.h) and for IDA script (.idc) of DataRescue (http://www.datarescue.com/idabase/)
- personalize the formatting: addition of suffix in the names of types, freeze the sizes of structures and members (the pointers become ULONG32 for a 32bit system and UINT64 for a 64bit system)
- apply searchs of texts or regular expressions
- do a batch processing by treating all modules met in a directory and its under-directories. For example: C:\Windows;)

CHRONOLOGY

[+] May 18th, 2008 : Version 1.0.0.6 beta (32Bit / 64Bit)
- [bug] Correction of a problem with “_unnamed” structures included in a member of struct array. Those are not defined during a complete translation to the C format. This problem doesn't appear during a translation to IDA script like with Viewer. (Thank to Damien AUMAITRE)

[+] May 10th, 2008 : Version 1.0.0.5 beta (32Bit / 64Bit)
- [bug] Correction of a problem of identification of bitfield structure inside “union” (Thank to mxatone)
- [bug] Correction of a problem with IDA and the too small member names. IDA does not accept the names lower than 3 characters. To solve that, "__” is automatically added at the end of the names with one or two characters. This is applied only for IDA formatting script.

[+] March 20th, 2008 : Version 1.0.0.4 beta (32Bit / 64Bit)
- Addition of a filter allows to limit the translation scan (Thank to Orkblutt and buri)
- [bug] Correction of a problem of inappropriate error message when the symbols don't contain Types (Thank to Orkblutt and memo5)

[+] February 27th, 2008 : Version 1.0.0.3 beta (32Bit / 64Bit)
- Addition of a function of research starting from a text or a regular expression
- Addition of buttons of navigation keeping in memory the 100 last selections
- Possibility of fixing the size of the pointers in the structures for the C language. This option can be very useful when one wishes to make a work with 32bits processes in an 64bits environment.
- Possibility of personalizing a suffix at the end of all the names of the unions, structures, enumerations and functions. This makes it possible to use the entities formatted in projects while avoiding the conflicts of declaration which can appear.
- All the entities deduced or without name (unnamed) met in the members from the structures have a single name then. In order to give a maximum of information making it possible to identify the role of these entities, it is added to the single name the names of all the members dependant on this entity. Each name of added member is separated by a character “_”
- Addition of Exit menu (Thank to ouadji (most crazy of my friends) -> "An application without Exit menu is not a application. It's like the Camenbert… There doesn't exist Alsatian Camembert cheese..." )
- [bug] Correction of a problem of size of pointers in 64bit structures formatted for IDA script
- [bug] Correction of a problem of principal window refresh under Vista.
- [bug] Correction of a problem when one makes “Brut copy” with the “Format view” panel wich is empty. (Thank to ouadji )

[+] January 15th, 2008 : Version 1.0.0.2 beta (32Bit / 64Bit)
- Symbol Type Viewer is now compatible with the versions 32bits and 64bits of Windows.
- The functions met in the structures are now accessible directly since the tree view.
- Preparing of the tree with icons significant.
- In the format C structures, the unused zones appear now clearly in red. These zones are theoretically available to store personal data.
- [bug] Correction of bad size estimate with certain local structures.

[+] December 29th, 2007 : Version 1.0.0.1 beta (32Bit)
- [bug] Correction of a problem giving (with certain parameters of system appearance) a nonwhite background in the formatted structures view. This can be disturbing. Especially when the background appears in black. (Thank to DarKPhoeniX).
- [bug] Correction of a bad management of the variable system _NT_SYMBOLS_PATH when this one isn't completly in lower case (Thank to Neitsa)

[+] December 28th, 2007 : Version 1.0.0.0 beta (32Bit)
- Initial version

Bugs report : stv(at)laboskopia.com

www.laboskopia.com

Tool Added: Wintruder

Fri, 24 Oct 2008 20:27:40 GMT

Listed in categories: .NET Debuggers, Ring 3 Debuggers, Visual Basic Debuggers

Most recent version:
1.0.0.1

Most recent release date:
October 17, 2008

Description:
Wintruder is an extendable debugger for Windows 9x and Windows XP.
By default, it includes debug interfaces for:
- Win32 Debug API
- Intel x86
- Microsoft VisualBasic p-code
- Virtual Dos Machine (XP only)
- Win32 Stealth (XP only)
- Intel x86
- Microsoft VisualBasic p-code
- Virtual Dos Machine
- Microsoft .Net (.Net 1.0 and up)
- .Net CIL

You can use Wintruder for free. For more information read license.txt. If this file does not exist, type wintruder.exe -l

This version of Wintruder is a development snapshot and far from being a final release.

Most important limitations:
- You may encounter several bugs and deficiencies.
- The use of debug information is limited to bare function definitions.
- The native .Net debugger is missing.
- The script engine is not really working.
- Much, much more…

By the way:
- The DiaDbg plug-in requires the Microsoft Debug Interface Access library. (msdia80.dll, msdia71.dll or msdia20.dll)
- To be more precise: None of the libraries Wintruder is bound to is included in this distribution.

Tool Updated: Whiskey Kon Tequilla VB P-Code Debugger

Fri, 24 Oct 2008 20:11:51 GMT

Listed in categories: Disassemblers, Visual Basic Debuggers, Visual Basic Decompilers

Most recent version:
1.3e

Most recent release date:
Around 2001

Description:
Also known as "WKT Debugger".

At the time it showed up, the one and only P-Code disassembler / debugger mankind was able to use.

Before it, debugging of the P-Code (Runtime interpreted Pseudo-VB code) with ordinary disassemblers / debuggers was really pain in your neck. This one saved me a lot of time, and probably helped postpone my deportation to the psychiatric research facility.

Tool Updated: Linice

Sun, 13 Jul 2008 11:35:53 GMT

Listed in categories: Linux Debuggers, Ring 0 Debuggers

Most recent version:
2.6

Most recent release date:
July 28, 2005

Description:
What is Linice?

Linice is an Intel x86-based, Linux source-level kernel debugger with the look and feel of SoftIce for MS Windows.

Linice is designed to be used by the people who have SoftIce experience. Linice provides a major subset of SoftIce commands, and adds a few new ones. For that reason the documentation describing individual commands is not provided. There are a number of good resources on the Web that describe all SoftIce commands (Google "SoftIce" keyword.)

What can I use it for?

You can use Linice to debug a kernel module or a user application. You can also debug a Linux kernel. Kernel does not need to be recompiled or patched in any way. The debugger proper loads as a module into the running kernel and supports debugging using the following devices:
local VGA frame buffer
X-Window
remote serial terminal
monochrome monitor

You can break into a running kernel at any time by a hotkey. Place breakpoints, single step, watch variables etc. Multiple international keyboard layouts are supported.